I'm not a Rails dev myself but I'm sure a couple of you guys are; there is a bug in Rails that allows an attacker to send requests to a Ruby on Rails server and execute arbitrary commands. Rails users are recommended to update systems to 3.2.11, 3.1.10, 3.0.19, or 2.3.15.

Holy crap, that's pretty nasty. Wasn't there also another (less severe) Ruby exploit just a week or so ago?

FWIW I got a call from one of my credit card companies this afternoon telling me they were canceling my card because the account had been compromised. There weren't any fraudulent charges posted to the account, but they were very insistent that they needed to close it *immediately* and issue me a new account number and card. Hmm... wonder if it's related?

The years just pass like trains. I wave, but they don't slow down.-- Steven Wilson

just brew it! wrote:FWIW I got a call from one of my credit card companies this afternoon telling me they were canceling my card because the account had been compromised. There weren't any fraudulent charges posted to the account, but they were very insistent that they needed to close it *immediately* and issue me a new account number and card. Hmm... wonder if it's related?

Possibly, but card processing companies get hacked so often these days that it's no longer "if, it's "when". Lean on them to overnight you the new cards. It's happened to me about 4 times in the past 5 years and they always want to snail-mail the replacement cards.

just brew it! wrote:FWIW I got a call from one of my credit card companies this afternoon telling me they were canceling my card because the account had been compromised. There weren't any fraudulent charges posted to the account, but they were very insistent that they needed to close it *immediately* and issue me a new account number and card. Hmm... wonder if it's related?

Possibly, but card processing companies get hacked so often these days that it's no longer "if, it's "when". Lean on them to overnight you the new cards. It's happened to me about 4 times in the past 5 years and they always want to snail-mail the replacement cards.

Probably too late for that; if they kept their word they've already been sent out.

Just dug up the cards for another account we haven't used in a couple of years; we'll just use those until the replacements arrive.

The years just pass like trains. I wave, but they don't slow down.-- Steven Wilson

Captain Ned wrote:Lean on them to overnight you the new cards. It's happened to me about 4 times in the past 5 years and they always want to snail-mail the replacement cards.

Probably too late for that; if they kept their word they've already been sent out.

Just dug up the cards for another account we haven't used in a couple of years; we'll just use those until the replacements arrive.

Replacement cards arrived today. They apparently sent them by Express Mail. Just checked their web site and everything seems to have been correctly transferred to the new card number, so I guess we're good to go (until next time)...

The years just pass like trains. I wave, but they don't slow down.-- Steven Wilson